tests: fuzz client_handle_offer

Turns out that part of systemd isn't covered by any fuzz targets and that's not ideal considering that it parses data sent remotely. The fuzzer triggers an infinite loop in lease_parse_routes as soon as it starts so it seems to be working :-) ``` INFO: Running with entropic power schedule (0xFF, 100). INFO: Seed: 23620602 INFO: Loaded 2 modules (182073 inline 8-bit counters): 176548 [0x7fdf511fc8d0, 0x7fdf51227a74), 5525 [0x5f6ef0, 0x5f8485), INFO: Loaded 2 PC tables (182073 PCs): 176548 [0x7fdf51227a78,0x7fdf514d94b8), 5525 [0x5f8488,0x60ddd8), ./build/fuzz-dhcp-client: Running 1 inputs 1 time(s) each. Running: test/fuzz/fuzz-dhcp-client/timeout-ed34161922c7075c4773f2ada3dee8685d220980 ALARM: working on the last Unit for 31 seconds and the timeout value is 30 (use -timeout=N to change) ==80731== ERROR: libFuzzer: timeout after 31 seconds #0 0x51b32e in __sanitizer_print_stack_trace (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51b32e) #1 0x4689e9 in fuzzer::PrintStackTrace() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x4689e9) #2 0x44a0f4 in fuzzer::Fuzzer::StaticAlarmCallback() (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a0f4) #3 0x7fdf4f8b474f (/lib64/libc.so.6+0x4274f) #4 0x465fee in __sanitizer_cov_trace_const_cmp4 (/home/vagrant/systemd/build/fuzz-dhcp-client+0x465fee) #5 0x57eee5 in lease_parse_routes /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:495:23 #6 0x57baf3 in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:701:21 #7 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33 #8 0x571cea in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:381:21 #9 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13 #10 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:78:9 #11 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379) #12 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f) #13 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade) #14 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86) #15 0x7fdf4f89f55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) #16 0x7fdf4f89f60b in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2d60b) #17 0x421fd4 in _start (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421fd4) SUMMARY: libFuzzer: timeout ```
author: Evgeny Vereshchagin <evvers@ya.ru> 2022-01-28 20:35:38 +0000
committer: Evgeny Vereshchagin <evvers@ya.ru> 2022-01-29 00:59:56 +0000
commit: 4158af36510bf2d03be30867f0d81bdc77d74680 (patch)
tree: b5024445e4053c3ec269f97a64962f79f71da3f1 /src/libsystemd-network/meson.build
parent: 372c6c70283507af243013941f7575a01c9d94a9 (diff)
download: systemd-4158af36510bf2d03be30867f0d81bdc77d74680.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/libsystemd-network/meson.build b/src/libsystemd-network/meson.build
index 3f5e11e7f5..853401d5be 100644
--- a/src/libsystemd-network/meson.build
+++ b/src/libsystemd-network/meson.build
@@ -105,6 +105,10 @@ tests += [
 ]
 
 fuzzers += [
+        [files('fuzz-dhcp-client.c'),
+         [libshared,
+          libsystemd_network]],
+
         [files('fuzz-dhcp6-client.c'),
          [libshared,
           libsystemd_network]],
author	Evgeny Vereshchagin <evvers@ya.ru>	2022-01-28 20:35:38 +0000
committer	Evgeny Vereshchagin <evvers@ya.ru>	2022-01-29 00:59:56 +0000
commit	4158af36510bf2d03be30867f0d81bdc77d74680 (patch)
tree	b5024445e4053c3ec269f97a64962f79f71da3f1 /src/libsystemd-network/meson.build
parent	372c6c70283507af243013941f7575a01c9d94a9 (diff)
download	systemd-4158af36510bf2d03be30867f0d81bdc77d74680.tar.gz